Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Aga (administrator) on 14-07-2013 16:43:04
Running from C:\Users\Aga\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-11-02] (Intel(R) Corporation)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-09-07] (Lenovo)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-09-07] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-09-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [lxdomon.exe] - "C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe" [455336 2010-02-10] ()
HKLM\...\Run: [lxdoamon] - "C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe" [25256 2010-02-10] ()
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [SRS Premium Sound] - "C:\Program Files (x86)\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /h [x]
HKCU\...\Run: [Bluetooth] - "C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe" [x]
HKCU\...\Run: [Lexmark Lxdomon] - "C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe" [455336 2010-02-10] ()
HKCU\...\Run: [Lexmark Lxdoamon] - "C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe" [25256 2010-02-10] ()
HKCU\...\Run: [Komunikator WTW] - "C:\Program Files\K2T\WTW\wtw.exe" [3351552 2013-06-20] (WTW.im, Kaworu)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-06-08] (Samsung)
MountPoints2: E - E:\SISetup.exe
MountPoints2: {2037a2b1-d6c8-11e2-a83f-ec55f9e043b6} - E:\Autorun.exe
MountPoints2: {6796b075-a1eb-11e1-a14c-ec55f9e043b6} - H:\SISetup.exe
MountPoints2: {73325102-f385-11e1-b77a-ec55f9e043b6} - E:\AutoRun.exe
MountPoints2: {7332510e-f385-11e1-b77a-ec55f9e043b6} - E:\AutoRun.exe
MountPoints2: {9f8f0dd6-dcc2-11e1-b16b-ec55f9e043b6} - E:\Autorun.exe
MountPoints2: {c94c730c-39f0-11e2-a9d9-ec55f9e043b6} - E:\AutoRun.exe
HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [UIExec] - "C:\Program Files (x86)\blueconnect\UIExec.exe" [132608 2009-04-07] ()
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [226920 2011-03-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [192616 2011-03-06] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6547D274-59FC-42EF-82D3-AD377A6B32F3}: [NameServer]89.108.202.21 89.108.195.21

FireFox:
========
FF ProfilePath: C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\0boqji85.default
FF Homepage: www.google.pl
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Anton\Programy\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @vizlight.pl/deLight3D,version=1.4 - C:\Program Files (x86)\deLight3D\npdelight3d.dll (vizLight)
FF Extension: GlassMyFox - C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\0boqji85.default\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi
FF Extension: Noia4Options - C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\0boqji85.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\0boqji85.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Anton\Programy\Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR Extension: (McAfee SiteAdvisor) - C:\Users\Aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project)
S4 GenieUpdaterService; C:\Anton\Programy\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe [20480 2009-09-02] (William Demant)
S2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Inspire Support Service; C:\Anton\Programy\Starkey\Inspire OS\Starkey.InspireSupport.Service.exe [34816 2012-09-20] (Microsoft)
R2 Inspire Updater Service; C:\Program Files (x86)\Starkey Laboratories\Updater\WindowsService.exe [91136 2012-09-24] (Starkey Laboratories)
S2 lxdoCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe [28672 2007-07-17] (Lexmark International, Inc.)
R2 lxdo_device; C:\windows\system32\lxdocoms.exe [1039360 2007-09-20] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [246112 2012-09-17] ()
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.)
R2 SAT IPC; C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe [55776 2012-12-18] (SHS)
R2 Soda PDF 3D Reader Helper Service; C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe [1352024 2012-12-21] (LULU Software)
R2 Soda PDF 3D Reader Service; C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe [874328 2012-12-21] (LULU Software)
R2 SQLANYe_Cxx7SA10Service; C:\Anton\Programy\Connexx7\SQLAnywhere10\win32\dbeng10.exe [136568 2012-01-09] (iAnywhere Solutions, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\blueconnect\AssistantServices.exe [241664 2009-04-07] ()

==================== Drivers (Whitelisted) ====================

S3 filter; C:\Windows\System32\drivers\bc02filt.sys [12896 2010-01-25] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2012-09-17] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-27] (Marvell Semiconductor, Inc.)
R3 PYCH_CoreDriver; C:\Windows\System32\drivers\PYCH_CoreDriver.sys [254976 2012-10-13] (Jungo)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-10-13] (Jungo)
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerServic;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 SoftwareService;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-14 16:41 - 2013-07-14 16:42 - 360985304 _____ C:\Users\Aga\Desktop\2013-07-14;16;41.reg
2013-07-14 16:40 - 2013-07-14 16:40 - 00000000 ____D C:\FRST
2013-07-14 16:09 - 2013-07-14 16:09 - 00602112 _____ (OldTimer Tools) C:\Users\Aga\Desktop\OTL.exe
2013-07-14 16:07 - 2013-07-14 16:07 - 01777839 _____ (Farbar) C:\Users\Aga\Desktop\FRST64.exe
2013-07-14 14:12 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-14 14:12 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-14 14:12 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-14 14:12 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-14 14:12 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-14 14:12 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-14 14:12 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-14 14:12 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-14 14:12 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-14 14:12 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-14 14:12 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-14 14:12 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-14 14:12 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-14 14:12 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-14 14:12 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-14 14:12 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-14 14:12 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-14 14:12 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-14 14:12 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-14 14:12 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-14 14:12 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-14 14:12 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-14 14:12 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-14 14:12 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-14 14:12 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-14 14:12 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-14 14:12 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-14 14:12 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-14 14:12 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-14 14:12 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-14 14:12 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-14 14:12 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 12:56 - 2013-07-12 16:49 - 00247004 _____ C:\Users\Aga\Desktop\2013_06_Rozliczenie_Poprawione.xlsx
2013-07-12 12:54 - 2013-07-12 12:54 - 00243843 _____ C:\Users\Aga\Desktop\Rozliczenie CZERWIEC 2013.xlsx
2013-07-10 11:22 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 11:22 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 11:22 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 11:22 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 11:22 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:22 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 11:22 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-07 17:59 - 2013-07-07 18:00 - 00000000 ____D C:\Users\Aga\Desktop\Szczawnica (2013-06-30_2013-07-04)
2013-06-29 14:48 - 2013-06-29 14:51 - 00000000 ____D C:\Users\Aga\AppData\Roaming\vlc
2013-06-29 14:48 - 2013-06-29 14:48 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-29 14:47 - 2013-06-29 14:47 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-27 23:39 - 2013-06-27 23:39 - 00448512 _____ (OldTimer Tools) C:\Users\Aga\Desktop\TFC.exe
2013-06-25 10:15 - 2013-06-25 10:15 - 00000000 ____D C:\Users\Aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programy
2013-06-25 00:23 - 2013-06-25 00:23 - 00000000 ____D C:\Users\Aga\Documents\Soda PDF 3D Reader Files
2013-06-25 00:23 - 2013-06-25 00:23 - 00000000 ____D C:\Users\Aga\AppData\Roaming\APP_NAME_NON_STRING
2013-06-25 00:22 - 2013-06-25 00:23 - 00000000 ____D C:\Program Files (x86)\Soda PDF 3D Reader
2013-06-25 00:21 - 2013-06-25 00:24 - 00000000 ____D C:\Users\Aga\AppData\Roaming\PDF Software
2013-06-24 11:27 - 2013-06-24 11:27 - 00000017 _____ C:\windows\SysWOW64\shortcut_ex.dat
2013-06-24 11:08 - 2013-06-24 11:08 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-24 11:08 - 2013-06-24 11:08 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-24 11:08 - 2013-06-24 11:08 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-24 11:08 - 2013-06-24 11:08 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 11:08 - 2013-06-24 11:08 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-07-14 16:42 - 2013-07-14 16:41 - 360985304 _____ C:\Users\Aga\Desktop\2013-07-14;16;41.reg
2013-07-14 16:40 - 2013-07-14 16:40 - 00000000 ____D C:\FRST
2013-07-14 16:40 - 2011-09-07 19:04 - 00001062 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 16:39 - 2012-07-13 20:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-14 16:36 - 2012-05-17 17:00 - 00000893 _____ C:\windows\amhm.ini
2013-07-14 16:09 - 2013-07-14 16:09 - 00602112 _____ (OldTimer Tools) C:\Users\Aga\Desktop\OTL.exe
2013-07-14 16:07 - 2013-07-14 16:07 - 01777839 _____ (Farbar) C:\Users\Aga\Desktop\FRST64.exe
2013-07-14 15:59 - 2012-05-17 10:01 - 00000930 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 15:54 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 15:54 - 2009-07-14 06:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 15:51 - 2011-09-08 01:55 - 00738432 _____ C:\windows\system32\perfh015.dat
2013-07-14 15:51 - 2011-09-08 01:55 - 00154830 _____ C:\windows\system32\perfc015.dat
2013-07-14 15:51 - 2009-07-14 07:13 - 01664108 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-14 15:50 - 2011-09-07 18:11 - 01272040 _____ C:\windows\WindowsUpdate.log
2013-07-14 15:44 - 2011-09-07 19:04 - 00001058 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-14 15:44 - 2011-09-07 18:56 - 00631775 _____ C:\windows\system32\fastboot.set
2013-07-14 15:44 - 2011-09-07 18:52 - 01470732 _____ C:\FaceProv.log
2013-07-14 15:43 - 2012-06-29 10:32 - 00057966 _____ C:\windows\setupact.log
2013-07-14 15:43 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-14 15:07 - 2009-07-14 06:45 - 00343216 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-14 15:06 - 2012-05-18 20:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 15:05 - 2012-05-18 20:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-14 15:04 - 2012-05-16 11:22 - 00000000 ____D C:\Users\Aga\AppData\Roaming\SoftGrid Client
2013-07-14 15:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 15:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 14:13 - 2012-05-18 18:58 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-14 07:27 - 2012-05-16 11:19 - 00000000 ____D C:\Users\Aga
2013-07-14 07:10 - 2012-05-16 11:20 - 00081056 _____ C:\Users\Aga\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-12 16:49 - 2013-07-12 12:56 - 00247004 _____ C:\Users\Aga\Desktop\2013_06_Rozliczenie_Poprawione.xlsx
2013-07-12 12:54 - 2013-07-12 12:54 - 00243843 _____ C:\Users\Aga\Desktop\Rozliczenie CZERWIEC 2013.xlsx
2013-07-11 23:14 - 2012-05-17 20:38 - 00000000 ____D C:\Users\Aga\AppData\Local\Adobe
2013-07-11 23:14 - 2012-05-17 10:01 - 00003868 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-11 23:13 - 2012-05-17 10:01 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-11 23:13 - 2012-05-17 10:01 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-11 23:01 - 2010-11-21 05:47 - 00032778 _____ C:\windows\PFRO.log
2013-07-09 20:34 - 2012-05-21 12:34 - 00000000 ____D C:\ProgramData\Lx_cats
2013-07-08 18:07 - 2013-05-10 13:49 - 00465408 _____ C:\Users\Aga\Desktop\Zestawienie do dekret.xls
2013-07-07 18:00 - 2013-07-07 17:59 - 00000000 ____D C:\Users\Aga\Desktop\Szczawnica (2013-06-30_2013-07-04)
2013-07-05 12:24 - 2013-05-24 10:15 - 00032207 _____ C:\NOAHlink.LOG
2013-06-29 18:22 - 2012-10-07 11:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-29 14:54 - 2012-05-17 07:43 - 00000000 ___RD C:\Users\Aga\Documents\Agusia
2013-06-29 14:51 - 2013-06-29 14:48 - 00000000 ____D C:\Users\Aga\AppData\Roaming\vlc
2013-06-29 14:48 - 2013-06-29 14:48 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-29 14:47 - 2013-06-29 14:47 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-27 23:39 - 2013-06-27 23:39 - 00448512 _____ (OldTimer Tools) C:\Users\Aga\Desktop\TFC.exe
2013-06-25 10:15 - 2013-06-25 10:15 - 00000000 ____D C:\Users\Aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programy
2013-06-25 10:13 - 2012-08-03 13:55 - 00000218 _____ C:\windows\system32\AddPort.ini
2013-06-25 00:24 - 2013-06-25 00:21 - 00000000 ____D C:\Users\Aga\AppData\Roaming\PDF Software
2013-06-25 00:23 - 2013-06-25 00:23 - 00000000 ____D C:\Users\Aga\Documents\Soda PDF 3D Reader Files
2013-06-25 00:23 - 2013-06-25 00:23 - 00000000 ____D C:\Users\Aga\AppData\Roaming\APP_NAME_NON_STRING
2013-06-25 00:23 - 2013-06-25 00:22 - 00000000 ____D C:\Program Files (x86)\Soda PDF 3D Reader
2013-06-24 13:26 - 2012-05-21 15:32 - 00000000 ____D C:\Users\Aga\Desktop\Temp_skan
2013-06-24 11:27 - 2013-06-24 11:27 - 00000017 _____ C:\windows\SysWOW64\shortcut_ex.dat
2013-06-24 11:08 - 2013-06-24 11:08 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-24 11:08 - 2013-06-24 11:08 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-24 11:08 - 2013-06-24 11:08 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-24 11:08 - 2013-06-24 11:08 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 11:08 - 2013-06-24 11:08 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 11:08 - 2012-05-17 17:31 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-06-24 11:08 - 2012-05-17 17:31 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-06-23 14:00 - 2013-05-21 18:14 - 00000000 ____D C:\TEMP1
2013-06-17 10:17 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-14 14:49

==================== End Of Log ============================